
Support Forum

Using network.trr.mode = 3

Posted

While using FF 68 and setting network.trr.mode to a value of 3 no resolution of any site works. This mode only uses DNS over https and does not fall back.

Does DNS over HTTPS (DOH) work in this mode?


Additional System Details

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:68.0) Gecko/20100101 Firefox/68.0


Seburo

Helpful Reply

Hi

Yes, it should work fine in that mode (I have tried it myself). Have you set network.trr.bootstrapAddress to a DNS resolver?


Question owner

My network.trr.bootstrapAddress address is blank.

I have set the network.trr.mode to 2 and it works. Then I set a value of 3 and FF works for a while and will stop at a random period without recovering. When I view it on a sniffer, FF isn't even sending any requests out to the wire. To correct this I have to set network.trr.mode to 2 again.
cor-el

See: https://daniel.haxx.se/blog/2018/06/03/inside-firefoxs-doh-engine/

Question owner

With DOH selected with Cloudflare alone and no value placed for network.trr.bootstrapAddress, should FF work when network.trr.mode=3 is selected?

Helpful Reply

When I put 1.1.1.1 for network.trr.bootstrapAddress it works. However, I noticed that I get an IP address of 108.162.240.29 resolving instead of 1.1.1.1.

Is this normal?
jscher2000

For me

https://mozilla.cloudflare-dns.com/dns-query

is being resolved as

104.16.249.249:443

(according to the Browser Console)

Since it's a CDN, differences are probably a normal part of the load balancing.


Question owner

I agree. I did try to get a direct resolution from 108.162.240.29 by substituting 1.1.1.1 with 108.162.240.29 but it did not work.


Question owner

If I change network.trr.bootstrapAddress = 8.8.8.8 and then run DNS leak

https://www.dnsleaktest.com/results.html

I get a Cloudflare IP address instead of a Google DNS address. Is DNS over http in Firefox officially operational or still in the testing phase?
jscher2000

Mace2 said

If I change network.trr.bootstrapAddress = 8.8.8.8 and then run DNS leak https://www.dnsleaktest.com/results.html I get a Cloudflare IP address instead of a Google DNS address.

What were you expecting to see?

If you set Firefox to use TRR only (network.trr.mode=3), you need a bootstrap address to get the IP address of the selected DNS resolver (network.trr.uri). Otherwise, Catch-22, Firefox can't get the address of the resolver because it doesn't know the address of the resolver. Once Firefox has the resolver address, the bootstrap has served its purpose.


Question owner

I was expecting 8.8.8.8 to resolve via DOH and a DNS leak test would only show Google's DNS 8.8.8.8. However, I believe that Cloudflare is the only DOH provider that has a direct IP address of 1.1.1.1 and 1.0.0.1. Is that correct?
jscher2000

Mace2 said

I was expecting 8.8.8.8 to resolve via DOH and a DNS leak test would only show Google's DNS 8.8.8.8.

I don't know how the leak test page works. However, most likely, by the time you loaded it, Firefox was exclusively using the TRR resolver for DNS.

However, I believe that Cloudflare is the only DOH provider that has a direct IP address of 1.1.1.1 and 1.0.0.1. Is that correct?

You can look up the registered "owner" (controlling party) of an IP address here:

  • North America: https://whois.arin.net/ui/
  • Asia-Pacific: https://wq.apnic.net/static/search.html (for 1.1.1.1)
  • Europe/Middle East: https://apps.db.ripe.net/db-web-ui/#/query

Question owner

I am aware of how to investigate domain owner information.

I am looking to find out if any other DOH provider functions using only an IP address. It does not appear at this time that I can use an IP address with others such as Google's 8.8.8.8.
jscher2000

Mace2 said

I am looking to find out if any other DOH provider functions using only an IP address. It does not appear at this time that I can use an IP address with others such as Google's 8.8.8.8.

Does Google offer DOH service??

Here are some lists of DOH providers you could look into:

  • https://github.com/curl/curl/wiki/DNS-over-HTTPS#publicly-available-servers
  • https://en.wikipedia.org/wiki/Public_recursive_name_server

It appears network.trr.uri will always take an https:// URL and not a bare IP address.

Question owner

Yes. Google does have DOH. See site https://threatpost.com/google-announces-dns-over-https-general-availability/146057/

But with my Mac OS, FF set for network.trr.mode = 3 (no fall back to any other DNS) and the custom field set for 8.8.8.8, FF does not resolve any sites. Why should this occur if they all follow the DOH standard?
jscher2000

Chosen Solution

Mace2 said

Yes. Google does have DOH. See site https://threatpost.com/google-announces-dns-over-https-general-availability/146057/

That links to their blog --

https://security.googleblog.com/2019/06/google-public-dns-over-https-doh.html

-- which has the URLs I think you need:

https://dns.google/dns-query

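
The two points made in the replies above (TRR-only mode needs a bootstrap address, and network.trr.uri takes an https:// URL rather than a bare IP address), as an added example that is not part of the original thread and is not Firefox's own code: a small checker for user.js-style pref lines. The function names and finding labels are hypothetical, and the sample pref text is constructed from values quoted in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit
# Matches user.js / prefs.js lines such as: user_pref("network.trr.mode", 3);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"(network\.trr\.[^"]+)"\s*,\s*(.+?)\s*\)\s*;')

def parse_trr_prefs(text):
    """Return {name: value} for network.trr.* prefs (strings unquoted, integers converted)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw.isdigit():
            prefs[name] = int(raw)
    return prefs

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_trr_only(prefs):
    """Findings for a TRR-only (mode 3) setup; other modes return no findings."""
    if prefs.get("network.trr.mode") != 3:
        return []  # e.g. mode 2, which the thread reports as working
    uri = prefs.get("network.trr.uri", "")
    bootstrap = prefs.get("network.trr.bootstrapAddress", "")
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        return ["uri-not-https-url"]  # e.g. a bare "8.8.8.8"
    findings = []
    if bootstrap and not is_ip(bootstrap):
        findings.append("bootstrap-not-an-ip")
    # Assumption: an IP-literal host in the URI needs no lookup, so no bootstrap.
    if not bootstrap and not is_ip(parts.hostname):
        findings.append("no-bootstrap-for-hostname")
    return findings

# Constructed sample user.js content (values taken from the thread).
CLOUDFLARE = 'user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");\n'
BLANK = 'user_pref("network.trr.mode", 3);\n' + CLOUDFLARE + 'user_pref("network.trr.bootstrapAddress", "");\n'
FIXED = 'user_pref("network.trr.mode", 3);\n' + CLOUDFLARE + 'user_pref("network.trr.bootstrapAddress", "1.1.1.1");\n'
BARE_IP = 'user_pref("network.trr.mode", 3);\nuser_pref("network.trr.uri", "8.8.8.8");\n'
```

Calling `check_trr_only(parse_trr_prefs(BLANK))` reports the blank-bootstrap case from the question, while `FIXED` returns no findings.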